Entrust PKI used in U.S. ePassports

Entrust PKI leveraged as security foundation for machine readable travel documents


DALLAS — December 19, 2007 — When the U.S. Department of State decided to move to digital passports — also known as ePassports — it also recognized there was an opportunity to add another layer of security to these credentials, and it turned to Entrust, Inc. [NASDAQ: ENTU] to provide the public key infrastructure (PKI)-enabled digital signature.

A function known as non-repudiation, the digital signature verifies that the digital credential has, in fact, been issued by the U.S. Department of State and that it has not been tampered with since its issuance. To date, the U.S. Department of State has surpassed the 18 million milestone mark for deploying the new ePassports.

"The digital signatures on the new passports illustrate how PKI technology is being used in a number of new applications, reinforcing PKI as the gold standard for digital security," said Entrust Chairman President and CEO Bill Conner. "It's really a PKI 2.0 trend we're seeing in the market right now. More organizations are realizing the value and unprecedented scalability PKI technology affords them when deploying and managing security for digital identities and information — especially on a mass scale like this."

Since August 2006 only ePassports have been issued in the U.S. As security guidelines to travel between the United States, Mexico, Canada and the Caribbean now require a valid passport, the issuance of ePassports has risen dramatically. This increase is expected to continue, with an eventual production of 15 to 18 million ePassports annually.

"Along with the U.S., we have been able to help secure ePassports and national ID cards in Spain, Singapore, Saudi Arabia, New Zealand, Slovenia and others," Conner added. "This security feature can also help prevent these credentials from being counterfeited, which adds a greater level of assurance to both the border patrol officials, as well as the travelers themselves."

ePassport travel documents contain an electronic chip that stores sensitive personal information that can be verified against the data on the passport as well as against the individual at the border control point. Although U.S. ePassports currently store a digital facial image, the documents have the capability to securely include digitized photographs, fingerprints or other biometrics. To protect these assets, PKI is an integral technology for the security and verification infrastructure of ePassports. The Entrust Authority PKI portfolio is one of the leading solutions to support this capability.

The Department of State has employed a multilayered approach to protect the privacy of the information contained on the ePassport. In addition to a metallic cover that prevents skimming or eavesdropping of the information while the document is closed, Basic Access Control (BAC) technology is used to "unlock" the data on the chip. A PKI digital signature enables alteration or modification of the data on the chip to be detected and enables authorities to validate and authenticate the data.

Modular and fully integrated, the Entrust Authority PKI portfolio is built on the foundation of Entrust Authority Security Manager, the certification authority (CA) system responsible for issuing and managing digital identities. Optional components help organizations manage the entire lifecycle of PKI certificates. Approximately 1,000 government and commercial organizations have purchased Entrust PKI solutions since Entrust brought it's first PKI to market in the 1990s.

This content continues onto the next page...